A detailed news article on this solution can be found on this website.
Since it has become apparent that contact tracing apps to be used on smartphones have several drawbacks, it is wise to investigate alternatives. When looking at tracking and tracing in logistics, such an alternative might be anonymous COVID-19 contact tracing using physical tokens.
An outline of a possible system is described. EIT Digital called on researchers, innovators, entrepreneurs, industry players and policymakers to contribute with their creativeness, technology and supply chain expertise to come with concrete proposals that can contribute to the further design and development of such alternative, COVID-19 contact tracing system using physical tokens. More than 60 expressions of interest were submitted and are now bundled into consortia that will work on concrete pilots. As part of the EIT’s Crisis Response Initiative, this activity directly contributes to the European Union’s response to the COVID-19 pandemic.
CONTACT TRACING PURPOSE AND REQUIREMENTS
To effectively contain virus outbreaks, it is essential to quickly reach (possibly) infected individuals in order to prevent them from spreading the virus. Speed is vital given the exponential spreading of viruses. Reaching individuals that have been in contact with persons tested positive is an essential part of the overall approach. Once these individuals have been reached, they can get themselves tested. Thus, contact tracing is only part of the overall approach to contain virus outbreaks. Given that manual contact tracing is labour intensive and slow, institutions and authorities are looking for technological solutions.
The purpose of any technological contact tracing solution is to reach (possibly) infected individuals in order to inform them so they can get themselves tested and if needed go into quarantine to avoid further spreading of the virus.
This is key to the design of a contact tracing system. The role of the contact tracing system is only and exclusively to reach individuals that have been in contact with infected persons. Not more. This principle of focussing on the essence is key and well known as Occam’s razor. As a consequence, there isfor example no need for the tracing system to know the identity of citizens. Which is a key ingredient in achieving anonymity and thus user acceptance.
There is broad consensus on the so-called non-functional requirements any technological solution should fulfil. These are anonymity, voluntariness, transparency, security, temporality, and interoperability.
To summarize, the challenge is to have a system that allows to quickly inform (possibly) infected individuals that they have been in contact with an infected person while observing the aforementioned non-functional requirements.
TRACING USING PHYSICAL TOKENS
Physical tokens have only the minimal functionality needed for contact tracing (Occam’s razor) which has, for this specific purpose of contact tracing, several advantages over smartphone apps
- they are small, robust, cheap, and consume little energy
- their proximity technologies could include Bluetooth, but also the more accurate UltraWideBand
- their simplicity, single application, and ‘not always on’ allow for high levels of security
Being able to use the more accurate UltraWideBand on physical tokens may also address another challenge that is identified with smartphone solutions, that of the accuracy of Bluetooth. Unfortunately, UltraWideBand is not available on the average smartphone.
Next to that, physical tokens are proven technology in the logistics domain with established players and well-functioning ecosystems which allows for technical sovereignty.
The beauty of the system is that it allows both for local as well as gradual deployment, which means that after testing and piloting in restricted locations, such as factory plants or even ports, larger deployment can also be foreseen in critical areas and areas at risk. Further gradual deployment could cities, regions and even country-wide as well as cross-border distribution.
Physical tokens will have to be produced and distributed. Setting up production and distribution in Europe of physical tokens will take time, however, based on the existing production and supply chains, European countries should be able to bring physical tokens to their citizens in relevant time.
OUTLINE FOR A POSSIBLE CONTACT TRACING SYSTEM USING PHYSICAL TOKENS
The token itself is a small coloured device of at most the size of a matchbox, featuring a very simple (LED) status indication interface that resembles a traffic light and is only visible on request
- GREEN: NO INDICATION OF AN INFECTION
- RED: ACTIVE INFECTION (determined by a test)
- YELLOW: GO TAKE TEST (been in contact with an infected person)
Tokens can be carried in pockets, as bracelets, necklaces, etc. and should minimally have the following functionalities
- a unique securely stored serial number
- the ability to generate frequently changing identifiers from the serial number
- storage for securely storing identifiers of contacted tokens
- timed proximity identification of other tokens
- secure proximity exchange of token identifier with another token
- secure matching between the contact list, locally stored on the token, with the list of token identifiers of infected individuals
- receive and process a list of infected token identifiers
- switch the status indication
At regular intervals tokens change the identifier that they exchange with other tokens.
The system will have a central registry of serial numbers of tokens that have status indication RED. No other information will be stored in the registry (Occam’s razor).
Tokens are produced by a manufacturer that securely stores a serial number in the token.
Tokens are produced by a manufacturer that securely stores an identifier in the token. Initially all tokens have status indication GREEN.
Tokens are distributed via designated distribution points, which for example in cities might be supermarkets or possible other outlets, where individuals can randomly pick from boxes filled with tokens.
At regular intervals, a signed list of recent serial numbers in the registry (signing assures authenticity of the list) is broadcasted and every token with status indication GREEN will intersect this list with the contact list it has stored. If the intersection is not empty the status indicator will be switched to YELLOW.
Also at regular intervals, people should check the status indicator of their token. In case it is YELLOW, they are strongly advised to, for example, contact their general practitioner or a COVID-19 test centre. This, however, is voluntary, and people may decide to ignore the advice.
The system will need to work with cyclic storage buffers with a pre-set duration, typically of two weeks.
THE OUTLINED SYSTEM SHOULD ADRESS THE REQUIREMENTS
The functional requirement is that the solution should reach those individuals that have been in contact with an infected person. The non-functional requirements are anonymity, voluntarily, transparency, security, temporality, and interoperability across systems and borders.
The functional requirement to reach individuals should be assured via the protocols that exchange token identifiers or broadcast them in regular intervals.
For the non-functional requirements of anonymity, voluntariness and transparency, the system should be voluntary; anonymity should be ensured by not having any relationship between the serial number of a token and a specific individual, combined with keeping the contact information as well as the processing of the broadcasted information on the token. Only token owners should be able to determine the outcome. In addition, the registry should not contain any personal or contact data. Finally, token tracing should be avoided for example through the use of pseudo-identifiers.
The requirement of security should be handled through the use of encryption, secure storage, secure identifier exchange, signed broadcasting, private set intersection, as well as frequently changing pseudo-identifiers. This collection of measures should address attacks such as skimming of serial numbers, man in the middle attacks, injection of false alarms, and collusion attacks on serial numbers.
The requirement of being temporary should be handled by time cyclic buffers as well as by the fact that the token system can be stopped any moment by stopping the broadcasting.
The requirement of being interoperable across systems depends very much on the other systems that are deployed. At the overall system level, the system should work hand in hand with existing systems deployed internally by institutions and authorities. In case of cross-border deployment, an interface supporting the interoperability should be provided.
THE AVAILABILTY OF TECHNOLOGY TO BUILD SUCH SYSTEM
As mentioned before token-based tracing is deployed in many logistics applications and the needed technologies to build such a system, such as low energy small size tokens including RFID, Bluetooth Low Energy, or the more accurate UltraWideBand, and long-range broadcast such as for example LoRa, are in principle available. The needed low footprint, low energy, processing, storage, communication, and security (hashing and encryption) technologies are in principle available. It is an important requirement to have a small-size, low power, low cost solution. Using existing state-of-the art technology it is expected to be possible to have a matchbox size token with approximately 1-year battery life at a ballpark cost of around €5.
Technology production and deployment of the tokens should be feasible by existing actors from semiconductor and equipment industry, telecommunication providers, producers of ultra-wideband tokens, embedded software developers, and of course institutions or authorities and distribution supply chains, such as for example for supermarkets. Given that most of this is in place, it is expected that this can be mobilised in reasonable time.
The system should allow both for local as well as gradual deployment, which means that after testing and piloting in restricted locations, such as factory plants or even ports, larger deployment can also be foreseen in critical areas and areas at risk. Further gradual deployment could be cities, regions and even country-wide as well as cross-border distribution.
THE TOKEN ACCEPTANCE
It is important that people accept the system and will actually use the token. Their main motivation should be to contribute to fighting virus outbreaks, as well as to protect their own health through early detection of possible infection. Nevertheless, to have the system accepted it should be trusted, easy to use and easily accessible. Therefore, any successful system should take these considerations as a starting point.
JOINT EFFORTS AND CONTRIBUTIONS
As part of the EIT’s Crisis Response Initiative, this activity directly contributes to the European Union’s response to the COVID-19 pandemic. Researchers, innovators, entrepreneurs, industry players and policymakers were called upon to contribute with their creativeness, technology and supply chain expertise to come with concrete proposals that can contribute to the further design and development of this alternative, a COVID-19 contact tracing system using physical tokens.
More than 60 expressions of interest were submitted by 27 May and are now bundled into consortia that will work on concrete pilots. Stay tuned for more information!
A detailed article on this solution can be found on our website.